So I’ve done VLANs with just RB2011’s or with a CRS125 with no WLAN, but I’m struggling when throwing a WLAN interface into the mix as you now have to have a BRIDGE to join networks which is probably the biggest issue I’m facing.
Had a working network with 4 VLANs (VLAN10, VLAN20, VLAN30, VLAN40) using a RB493 and RB2011s, but replaced the RB493 with a CRS125-24G-1S-2HnD-IN and adding a new VLAN for Voice (VLAN80).
Per all the documentation I read, the CRS125 supports Hybrid VLAN ports, i.e. PortX will have a VoIP phone that is tagged with VLAN (VID) 80, and then have a computer in the Pass-Thru port of the VoIP phone that will default to VLAN (VID) 10. I tested this on the CRS125 and it worked fine, before introducing/configuring the WLAN and thus adding a Bridge/s into the config.
The CRS 125 has Ports 1 & 2 configured/set aside for WAN/Internet connections, 3, 4 and 5 are setup as Trunks to 2 x RB2011s at this stage with a future CRS125 in Trunk3. The rest of the ports are setup in the Hybrid fashion to accept either a computer directly for VID:10, or thru a VoIP phone (VID:80) that daisy chains to the computer for VID:10.
The RB2011 has port 1 configured as Trunk 1, ports 2 thru 5 will be regular VID:10 and Ports 6-10 tagged as VID:80 (if possible) - definitely need to hang a phone VID:80 thru 1 of these RB2011s (AP2) and a regular VID:10 computer on the other RB2011 (AP1).
VLANs 20, 30 and 40 are mainly used for wireless networks at this point on all MikroTiks, VLAN 10 is the main network which runs hardwired and wireless, VLAN 80 is the new VLAN that is only hard wired for new VoIP phones that may or may not have computers daisy chained on their pass-thru port for VLAN 10.
Below is the problem I’m experiencing and the current relevant CRS125 & RB2011 configs:
VLANs & VoIP phone:
-On CRS125:
- with phone left to default (VID:0); gets regular IP and works fine.
- with phone set to VID:80; getting a VID:10 IP Address from DHCP but then no connectivity likely due to VLAN tag.
-On RB2011: - phone in Ports 2-5 when set to default (VID:0), works fine, in Ports 6-10; no IP address;
- when phone is set to VID:80 in Ports 2-5 gets a VID:10 IP Address but no connectivity, in ports 6-10 no IP Address.
Below is config (Supout files also attached), what am I missing PLEASE?
CRS125.Core.wVLANs
#
# feb/03/2015 12:32:59 by RouterOS 6.25
#
/interface bridge
add admin-mac=10:5E:0C:92:1F:FE auto-mac=no comment="Regular Data" mtu=1500 name=\
BR_VLAN10
add admin-mac=20:5E:0C:92:1F:FE auto-mac=no comment="Guests" mtu=1500 \
name=BR_VLAN20
add admin-mac=30:5E:0C:92:1F:FE auto-mac=no comment="Tenant 1" mtu=1500 name=\
BR_VLAN30
add admin-mac=40:5E:0C:92:1F:FE auto-mac=no comment="Tenant 2" mtu=1500 name=\
BR_VLAN40
add admin-mac=80:5E:0C:92:1F:FE auto-mac=no comment="Voice VLAN" mtu=1500 name=\
BR_VLAN80
/interface ethernet
set [ find default-name=ether3 ] comment="Storeroom 1" name=Trunk1
set [ find default-name=ether4 ] comment="Pantry" master-port=Trunk1 name=Trunk2
set [ find default-name=ether5 ] comment="New Building" disabled=yes master-port=Trunk1 \
name=Trunk3
set [ find default-name=ether6 ] master-port=Trunk1 name=lan1
set [ find default-name=ether7 ] master-port=Trunk1 name=lan2
set [ find default-name=ether8 ] master-port=Trunk1 name=lan3
set [ find default-name=ether9 ] master-port=Trunk1 name=lan4
set [ find default-name=ether10 ] master-port=Trunk1 name=lan5
set [ find default-name=ether11 ] master-port=Trunk1 name=lan6
set [ find default-name=ether12 ] master-port=Trunk1 name=lan7
set [ find default-name=ether13 ] master-port=Trunk1 name=lan8
set [ find default-name=ether14 ] master-port=Trunk1 name=lan9
set [ find default-name=ether15 ] master-port=Trunk1 name=lan10
set [ find default-name=ether16 ] master-port=Trunk1 name=lan11
set [ find default-name=ether17 ] master-port=Trunk1 name=lan12
set [ find default-name=ether18 ] master-port=Trunk1 name=lan13
set [ find default-name=ether19 ] master-port=Trunk1 name=lan14
set [ find default-name=ether20 ] master-port=Trunk1 name=lan15
set [ find default-name=ether21 ] master-port=Trunk1 name=lan16
set [ find default-name=ether22 ] master-port=Trunk1 name=lan17
set [ find default-name=ether23 ] comment="Core" master-port=Trunk1 name=lan18
set [ find default-name=ether24 ] comment="HyperV Switch" master-port=Trunk1 name=lan19
set [ find default-name=sfp1 ] disabled=yes
set [ find default-name=ether1 ] name=wan1
set [ find default-name=ether2 ] disabled=yes name=wan2
/interface vlan
add interface=Trunk1 l2mtu=1584 name=vlan10.1 vlan-id=10
add interface=Trunk2 l2mtu=1584 name=vlan10.2 vlan-id=10
add interface=Trunk3 l2mtu=1584 name=vlan10.3 vlan-id=10
add interface=Trunk1 l2mtu=1584 name=vlan20.1 vlan-id=20
add interface=Trunk2 l2mtu=1584 name=vlan20.2 vlan-id=20
add interface=Trunk3 l2mtu=1584 name=vlan20.3 vlan-id=20
add interface=Trunk1 l2mtu=1584 name=vlan30.1 vlan-id=30
add interface=Trunk2 l2mtu=1584 name=vlan30.2 vlan-id=30
add interface=Trunk3 l2mtu=1584 name=vlan30.3 vlan-id=30
add interface=Trunk1 l2mtu=1584 name=vlan40.1 vlan-id=40
add interface=Trunk2 l2mtu=1584 name=vlan40.2 vlan-id=40
add interface=Trunk3 l2mtu=1584 name=vlan40.3 vlan-id=40
add interface=Trunk1 l2mtu=1584 name=vlan80.1 vlan-id=80
add interface=Trunk2 l2mtu=1584 name=vlan80.2 vlan-id=80
add interface=Trunk3 l2mtu=1584 name=vlan80.3 vlan-id=80
/interface ethernet switch
set forward-unknown-vlan=no
/interface wireless security-profiles
set [ find default=yes ] group-ciphers="" supplicant-identity=MikroTik \
unicast-ciphers=""
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=KEY1-aes \
supplicant-identity="" wpa-pre-shared-key=XXXXXXXX wpa2-pre-shared-key=\
XXXXXXXX
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=KEY2-aes \
supplicant-identity="" wpa-pre-shared-key=XXXXXXXX wpa2-pre-shared-key=\
XXXXXXXX
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=\
KEY3-aes supplicant-identity="" wpa-pre-shared-key=XXXXXXXX \
wpa2-pre-shared-key=XXXXXXXX
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=\
KEY4-aes supplicant-identity="" wpa-pre-shared-key=XXXXXXXX \
wpa2-pre-shared-key=XXXXXXXX
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=3 band=2ghz-b/g/n country=\
"united states" disabled=no distance=indoors frequency=2437 hide-ssid=yes \
ht-basic-mcs="" l2mtu=2290 mode=ap-bridge radio-name=Core.CRS \
security-profile=KEY1-aes ssid=Hidden tx-power-mode=all-rates-fixed \
wireless-protocol=802.11
add disabled=no l2mtu=2290 mac-address=10:5E:0C:92:20:15 master-interface=\
wlan1 name=VAP_VLAN10 security-profile=KEY1-aes ssid=ssid1
add disabled=no l2mtu=2290 mac-address=20:5E:0C:92:20:15 master-interface=\
wlan1 name=VAP_VLAN20 security-profile=KEY2-aes ssid=ssid2
add mac-address=30:5E:0C:92:20:15 master-interface=wlan1 name=VAP_VLAN30 \
security-profile=KEY3-aes ssid=ssid3
add disabled=no l2mtu=2290 mac-address=40:5E:0C:92:20:15 master-interface=\
wlan1 name=VAP_VLAN40 security-profile=KEY4-aes ssid=ssid4
/ip pool
add name=dhcp_pool1 ranges=192.168.0.200-192.168.0.220
add name=dhcp_pool2 ranges=192.168.1.100-192.168.1.199
add name=dhcp_pool3 ranges=192.168.88.100-192.168.88.150
add name=dhcp_pool4 ranges=10.0.1.100-10.0.1.150
add name=dhcp_pool5 ranges=172.16.80.100-172.16.80.199
/ip dhcp-server
add address-pool=dhcp_pool1 interface=BR_VLAN10 lease-time=1d name=dhcp1
add address-pool=dhcp_pool2 bootp-lease-time=lease-time bootp-support=dynamic \
disabled=no interface=BR_VLAN20 lease-time=1d name=dhcp2
add address-pool=dhcp_pool3 disabled=no interface=BR_VLAN30 lease-time=1d \
name=dhcp3
add address-pool=dhcp_pool4 disabled=no interface=BR_VLAN40 lease-time=1d \
name=dhcp4
add add-arp=yes address-pool=dhcp_pool5 bootp-lease-time=lease-time \
bootp-support=dynamic disabled=no interface=BR_VLAN80 lease-time=8h name=\
dhcp5
/interface bridge port
add bridge=BR_VLAN10 interface=VAP_VLAN10
add bridge=BR_VLAN20 interface=VAP_VLAN20
add bridge=BR_VLAN30 interface=VAP_VLAN30
add bridge=BR_VLAN40 interface=VAP_VLAN40
add bridge=BR_VLAN10 interface=Trunk1
add bridge=BR_VLAN10 interface=vlan10.1
add bridge=BR_VLAN20 interface=vlan20.1
add bridge=BR_VLAN30 interface=vlan30.1
add bridge=BR_VLAN40 interface=vlan40.1
add bridge=BR_VLAN10 interface=vlan10.2
add bridge=BR_VLAN20 interface=vlan20.2
add bridge=BR_VLAN30 interface=vlan30.2
add bridge=BR_VLAN40 interface=vlan40.2
add bridge=BR_VLAN10 interface=vlan10.3
add bridge=BR_VLAN20 interface=vlan20.3
add bridge=BR_VLAN30 interface=vlan30.3
add bridge=BR_VLAN40 interface=vlan40.3
/interface ethernet switch egress-vlan-tag
add tagged-ports=Trunk1,Trunk2,Trunk3,switch1-cpu vlan-id=10
add tagged-ports=Trunk1,Trunk2,Trunk3,switch1-cpu vlan-id=20
add tagged-ports=Trunk1,Trunk2,Trunk3,switch1-cpu vlan-id=30
add tagged-ports=Trunk1,Trunk2,Trunk3,switch1-cpu vlan-id=40
add tagged-ports="Trunk1,Trunk2,Trunk3,lan1,lan2,lan3,lan4,lan5,lan6,lan7,lan8\
,lan9,lan10,lan11,lan12,lan13,lan14,lan15,lan16,lan17,switch1-cpu" \
vlan-id=80
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=10 ports=lan1 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan2 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan3 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan4 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan5 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan6 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan7 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan8 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan9 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan10 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan11 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan12 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan13 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan14 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan15 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan16 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan17 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan18 sa-learning=yes
add customer-vid=0 new-customer-vid=10 ports=lan19 sa-learning=yes
/interface ethernet switch port
set 0 dscp-based-qos-dscp-to-dscp-mapping=no
set 1 dscp-based-qos-dscp-to-dscp-mapping=no
set 2 dscp-based-qos-dscp-to-dscp-mapping=no
set 3 dscp-based-qos-dscp-to-dscp-mapping=no
set 4 dscp-based-qos-dscp-to-dscp-mapping=no
set 5 dscp-based-qos-dscp-to-dscp-mapping=no
set 6 dscp-based-qos-dscp-to-dscp-mapping=no
set 7 dscp-based-qos-dscp-to-dscp-mapping=no
set 8 dscp-based-qos-dscp-to-dscp-mapping=no
set 9 dscp-based-qos-dscp-to-dscp-mapping=no
set 10 dscp-based-qos-dscp-to-dscp-mapping=no
set 11 dscp-based-qos-dscp-to-dscp-mapping=no
set 12 dscp-based-qos-dscp-to-dscp-mapping=no
set 13 dscp-based-qos-dscp-to-dscp-mapping=no
set 14 dscp-based-qos-dscp-to-dscp-mapping=no
set 15 dscp-based-qos-dscp-to-dscp-mapping=no
set 16 dscp-based-qos-dscp-to-dscp-mapping=no
set 17 dscp-based-qos-dscp-to-dscp-mapping=no
set 18 dscp-based-qos-dscp-to-dscp-mapping=no
set 19 dscp-based-qos-dscp-to-dscp-mapping=no
set 20 dscp-based-qos-dscp-to-dscp-mapping=no
set 21 dscp-based-qos-dscp-to-dscp-mapping=no
set 22 dscp-based-qos-dscp-to-dscp-mapping=no
set 23 dscp-based-qos-dscp-to-dscp-mapping=no
set 24 dscp-based-qos-dscp-to-dscp-mapping=no
set 25 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch vlan
add ports="Trunk1,Trunk2,Trunk3,lan1,lan2,lan3,lan4,lan5,lan6,lan7,lan8,lan9,l\
an10,lan11,lan12,lan13,lan14,lan15,lan16,lan17,lan18,lan19,switch1-cpu" \
vlan-id=10
add ports=Trunk1,Trunk2,Trunk3,switch1-cpu vlan-id=20
add ports=Trunk1,Trunk2,Trunk3,switch1-cpu vlan-id=30
add ports=Trunk1,Trunk2,Trunk3,switch1-cpu vlan-id=40
add ports="Trunk1,Trunk2,Trunk3,lan1,lan2,lan3,lan4,lan5,lan6,lan7,lan8,lan9,l\
an10,lan11,lan12,lan13,lan14,lan15,lan16,lan17,lan18,lan19,switch1-cpu" \
vlan-id=80
/ip address
add address=192.168.0.1/24 interface=BR_VLAN10 network=192.168.0.0
add address=W.X.Y.Z/30 interface=wan1 network=w.x.y.0
add address=192.168.1.1/24 interface=BR_VLAN20 network=192.168.1.0
add address=192.168.88.1/24 interface=BR_VLAN30 network=192.168.88.0
add address=10.0.1.1/24 interface=BR_VLAN40 network=10.0.1.0
add address=172.16.80.254/24 interface=BR_VLAN80 network=172.16.80.0
/ip dhcp-server config
set store-leases-disk=immediately
/ip dhcp-server network
add address=10.0.1.0/24 dns-server=10.0.1.1 domain=XXXXX.local gateway=\
10.0.1.1
add address=172.16.80.0/24 dns-server=172.16.80.254,8.8.8.8 domain=\
XXXXXvoice.local gateway=172.16.80.254
add address=192.168.0.0/24 dns-server=192.168.0.1 domain=XXXXX.local \
gateway=192.168.0.1
add address=192.168.1.0/24 dns-server=69.27.0.131,69.27.8.130 domain=\
XXXXXGuests.local gateway=192.168.1.1
add address=192.168.88.0/24 dns-server=192.168.88.1,69.27.8.130 domain=\
YYYYYY.local gateway=192.168.88.1
RB2011.AP2 (same as AP1)
# feb/03/2015 12:33:41 by RouterOS 6.25
#
/interface bridge
add admin-mac=10:5E:0C:C7:87:AD auto-mac=no name=BR_VLAN10
add admin-mac=20:5E:0C:C7:87:AD auto-mac=no name=BR_VLAN20
add admin-mac=30:5E:0C:C7:87:AD auto-mac=no name=BR_VLAN30
add admin-mac=40:5E:0C:C7:87:AD auto-mac=no name=BR_VLAN40
add admin-mac=80:5E:0C:C7:87:AD auto-mac=no name=BR_VLAN80
/interface ethernet
set [ find default-name=ether1 ] name=Trunk1
set [ find default-name=ether2 ] name=lan2
set [ find default-name=ether3 ] name=lan3
set [ find default-name=ether4 ] name=lan4
set [ find default-name=ether5 ] name=lan5
set [ find default-name=ether10 ] name=lan10
set [ find default-name=ether6 ] master-port=lan10 name=lan6
set [ find default-name=ether7 ] master-port=lan10 name=lan7
set [ find default-name=ether8 ] master-port=lan10 name=lan8
set [ find default-name=ether9 ] master-port=lan10 name=lan9
set [ find default-name=sfp1 ] disabled=yes name=sfp
/interface vlan
add interface=Trunk1 l2mtu=1594 name=vlan10 vlan-id=10
add interface=Trunk1 l2mtu=1594 name=vlan20 vlan-id=20
add interface=Trunk1 l2mtu=1594 name=vlan30 vlan-id=30
add interface=Trunk1 l2mtu=1594 name=vlan40 vlan-id=40
add interface=Trunk1 l2mtu=1594 name=vlan80 vlan-id=80
/interface ethernet switch port
set 6 default-vlan-id=80 vlan-header=add-if-missing vlan-mode=secure
set 7 default-vlan-id=80 vlan-header=add-if-missing vlan-mode=secure
set 8 default-vlan-id=80 vlan-header=add-if-missing vlan-mode=secure
set 9 default-vlan-id=80 vlan-header=add-if-missing vlan-mode=secure
set 10 default-vlan-id=80 vlan-header=add-if-missing vlan-mode=secure
/interface wireless security-profiles
set [ find default=yes ] group-ciphers="" supplicant-identity=MikroTik \
unicast-ciphers=""
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=KEY1-aes \
supplicant-identity="" wpa-pre-shared-key=XXXXXXXX wpa2-pre-shared-key=\
XXXXXXXX
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=KEY2-aes \
supplicant-identity="" wpa-pre-shared-key=XXXXXXXX wpa2-pre-shared-key=\
XXXXXXXX
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=\
KEY3-aes supplicant-identity="" wpa-pre-shared-key=XXXXXXXX \
wpa2-pre-shared-key=XXXXXXXX
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=\
KEY4-aes supplicant-identity="" wpa-pre-shared-key=XXXXXXXX \
wpa2-pre-shared-key=XXXXXXXX
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=3 band=2ghz-b/g/n country=\
"united states" frequency=2437 hide-ssid=yes ht-basic-mcs="" l2mtu=2290 \
mode=ap-bridge radio-name=AP1 rate-set=configured security-profile=\
KEY1-aes ssid=Hidden wireless-protocol=802.11 disabled=no
add disabled=no mac-address=10:5E:0C:C7:87:B7 master-interface=wlan1 name=\
VAP_VLAN10 security-profile=KEY1-aes ssid=ssid1
add disabled=no mac-address=20:5E:0C:C7:87:B7 master-interface=wlan1 name=\
VAP_VLAN20 security-profile=KEY2-aes ssid=ssid2
add mac-address=30:5E:0C:C7:87:B7 master-interface=wlan1 name=VAP_VLAN30 \
security-profile=KEY3-aes ssid=ssid3
add disabled=no mac-address=40:5E:0C:C7:87:B7 master-interface=wlan1 name=\
VAP_VLAN40 security-profile=KEY4-aes ssid=ssid4
/interface bridge port
add bridge=BR_VLAN10 interface=lan2
add bridge=BR_VLAN10 interface=lan3
add bridge=BR_VLAN10 interface=lan4
add bridge=BR_VLAN10 interface=lan5
add bridge=BR_VLAN10 interface=vlan10
add bridge=BR_VLAN10 interface=VAP_VLAN10
add bridge=BR_VLAN20 interface=vlan20
add bridge=BR_VLAN20 interface=VAP_VLAN20
add bridge=BR_VLAN30 interface=vlan30
add bridge=BR_VLAN30 interface=VAP_VLAN30
add bridge=BR_VLAN40 interface=vlan40
add bridge=BR_VLAN40 interface=VAP_VLAN40
add bridge=BR_VLAN80 interface=lan10
add bridge=BR_VLAN80 interface=vlan80
/interface ethernet switch vlan
add independent-learning=no ports=Trunk1,lan2,lan3,lan4,lan5 switch=switch1 vlan-id=10
add independent-learning=no ports=Trunk1 switch=switch1 vlan-id=20
add independent-learning=no ports=Trunk1 switch=switch1 vlan-id=30
add independent-learning=no ports=Trunk1 switch=switch1 vlan-id=40
add independent-learning=no ports=Trunk1 switch=switch1 vlan-id=80
add ports=lan6,lan7,lan8,lan9,lan10 switch=switch2 vlan-id=80
/ip address
add address=192.168.0.3/24 interface=BR_VLAN10 network=192.168.0.0
add address=192.168.1.3/24 interface=BR_VLAN20 network=192.168.1.0
add address=192.168.88.3/24 interface=BR_VLAN30 network=192.168.88.0
add address=10.0.1.3/24 interface=BR_VLAN40 network=10.0.1.0
add address=172.16.80.252/24 interface=BR_VLAN80 network=172.16.80.0
/ip route
add distance=1 gateway=192.168.0.1